<?php

include "ini3.php";
include "includes/header2.php";

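// Authenticate the caller before anything else is rendered.
//
// The script identifies the user by the `id` / `pass` pair carried on every
// request. It loads the matching row from `users`, compares the MD5 of the
// supplied password with the stored hash, and stops with a generic error page
// on any mismatch. On success it leaves $id, $login, $health, $admin, $pass
// and $date set for the rest of the script.
//
// NOTE(review): $id and $pass are never assigned in this file; presumably they
// arrive as request parameters (register_globals or an import done in
// ini3.php) - confirm.
// NOTE(review): cyr() is defined outside this file; it is applied exactly as
// before because the stored password hashes depend on its output.
$id = cyr(htmlspecialchars(stripslashes(trim($id))));
$pass = cyr(htmlspecialchars(stripslashes(trim($pass))));

if (empty($id)) {
    die ("Ошибка!</body></html>");
}

// htmlspecialchars() is an HTML encoder, not an SQL escaper: in the default
// mode used above it leaves single quotes untouched, and stripslashes() has
// already removed any magic-quotes escaping. The value is therefore escaped
// for the quoted SQL literal here, and only here, so that $id itself keeps its
// original form.
// NOTE(review): relies on the default MySQL link that the mysql_query() calls
// in this file already depend on.
$q = mysql_query("select * from users where id='" . mysql_real_escape_string($id) . "';");
if (!$q) {
    // Query failure used to fall through to the hash check with an empty row;
    // fail with the same generic message instead.
    die ("Ошибка!</body></html>");
}

$data = mysql_fetch_array($q);
if (!$data) {
    // Unknown user: same response as a wrong password, so the two cases are
    // indistinguishable to the client.
    die ("Ошибка!</body></html>");
}

$id = $data['id'];
$login = $data['login'];
$health = $data['health'];
$admin = $data['admin'];

// Strict string comparison: the loose `!=` compares two numeric-looking
// strings (for example hex digests of the form 0e<digits>) as numbers, which
// can make different digests compare equal.
// NOTE(review): the stored value is an unsalted MD5 digest; moving to
// password_hash()/password_verify() needs a migration of the `users.pass`
// column and cannot be done from this block alone.
if ((string) $data['pass'] !== md5($pass)) {
    die ("Ошибка!</body></html>");
}

// Timestamp stored with newly added news items.
$date = date("H:i d.m.Y");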
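// Request dispatcher for the news page.
//
//   (no mode)      - paged public listing, five items per page, newest first
//   mode=addnews   - admin only ($admin == 7): show the form, or insert when p=1
//   mode=editnews  - admin only: paged listing with edit/delete links (no p),
//                    edit form / save (p=1, s=1 saves), delete (p=2)
//
// NOTE(review): $mode, $p, $s, $nid, $title, $text, $ntitle and $ntext are not
// assigned in this file; presumably they are request parameters exposed as
// globals (register_globals or an import in an included file) - confirm.
// NOTE(review): every link below carries the account id and password in the
// query string, so they end up in browser history, proxy/server logs and
// Referer headers. Replacing this with a server-side session is a change to
// the whole application, not to this block.
// NOTE(review): saving and deleting are triggered by plain links/forms with no
// per-request token, so a request forged from another site would be accepted
// if it carried valid credentials; state changes should be POST-only and
// carry an anti-CSRF token.
switch ($mode) {
    default:
        $all2 = mysql_num_rows(mysql_query("select * from news"));
        print "<u>[Новости($all2)]</u><br/>";
        if ($all2 > 0) {
            // The total was just counted; reuse it instead of running the same query again.
            $all = $all2;
            $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
            if ($s < 0 || $s > $all) {
                $s = 0;
            }
            $c = $s + 1;
            // $s is an integer at this point, so it is safe inside the LIMIT clause.
            $a = mysql_query("select * from news order by dbid desc limit " . $s . ", 5 ;");
            while ($ab = mysql_fetch_array($a)) {
                $nid = $ab['dbid'];
                $text = $ab['text'];
                $mtime = $ab['date'];
                $mtitle = $ab['title'];
                // NOTE(review): gb/smile.php is not visible here; presumably it rewrites $text - confirm.
                include "gb/smile.php";
                // NOTE(review): title and text are emitted exactly as stored, so any markup in the
                // database reaches the browser; this is only safe while every writer to `news` is trusted.
                print "<b>$mtitle</b>[$mtime]<br/>";
                print "$text<br/>";
                print "---<br/>";
            }
            if ($all > 0) {
                // Pager: a window of page links around the current offset, plus first/last shortcuts.
                $ba = ceil($all / 5);
                $ba2 = $ba * 5 - 5;
                echo "Страницы:";
                $asd = $s - (5 * 3);
                $asd2 = $s + (5 * 4);
                if ($asd < $all && $asd > 0) {
                    // The offset parameter this script reads is `s`; the link used to send `start`,
                    // which only worked because a missing `s` defaults to 0.
                    print "<a href=\"news.php?id=$id&amp;pass=$pass&amp;s=0\">1 |</a>";
                }
                for ($i = $asd; $i < $asd2; $i += 5) {
                    if ($i < $all && $i >= 0) {
                        $ii = floor(1 + $i / 5);
                        if ($s == $i) {
                            echo ' ' . $ii;
                        } else {
                            print "<a href=\"news.php?id=$id&amp;pass=$pass&amp;s=$i\">$ii |</a>";
                        }
                    }
                }
                if ($asd2 < $all) {
                    echo " .. <a href=\"news.php?id=$id&amp;pass=$pass&amp;s=$ba2\">$ba |</a>";
                }
            }
        } else {
            print "Новостей нет!<br/>";
        }
        break;

    case "addnews":
        if ($admin == 7) {
            if ($p == 1) {
                $datet = date("H:i d.m.Y");
                $text = str_replace('И', 'и', $text);
                $text = str_replace('ш', 'Ш', $text);
                $title = str_replace('И', 'и', $title);
                $title = str_replace('ш', 'Ш', $title);
                // The submitted values were interpolated into the INSERT unescaped. Undo
                // magic-quotes escaping when it is active (so nothing is escaped twice),
                // then escape for the quoted SQL literals.
                // NOTE(review): if an included file applies its own slashing to request
                // values, this needs to be adjusted to match - confirm.
                $unslash = get_magic_quotes_gpc();
                $sqlTitle = mysql_real_escape_string($unslash ? stripslashes($title) : $title);
                $sqlText = mysql_real_escape_string($unslash ? stripslashes($text) : $text);
                mysql_query("insert into news values(0,'$sqlTitle','$sqlText','$date');");
                print "Новость добавлена<br/>";
            } else {
                // The title is echoed back into an attribute, so it is HTML-encoded including
                // both quote characters. ISO-8859-1 is named because it is byte-transparent:
                // the page charset is not visible here and the call must not reject the input.
                $formTitle = isset($title) ? htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1') : '';
                echo "<form action=\"news.php?id=$id&amp;pass=$pass&amp;mode=addnews&amp;p=1\" method='POST'>\n"
                    . "Заголовок:<br/>\n"
                    . "<input name=\"title\" value=\"$formTitle\" maxlength=\"50\"/><br/>\n"
                    . "Введите новость:<br/>\n"
                    . "<textarea name=\"text\" rows=\"7\" cols=\"25\"></textarea><br/>\n"
                    . "<input type=\"submit\" class=\"button\" value=\"Добавить\" /></form>";
            }
        }
        break;

    case "editnews":
        if ($admin == 7) {
            if ($p != 1 && $p != 2) {
                $all2 = mysql_num_rows(mysql_query("select * from news"));
                print "<u>[Новости($all2)]</u><br/>";
                if ($all2 > 0) {
                    // Reuse the count from the query above.
                    $all = $all2;
                    $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
                    if ($s < 0 || $s > $all) {
                        $s = 0;
                    }
                    $c = $s + 1;
                    $a = mysql_query("select * from news order by dbid desc limit " . $s . ", 5 ;");
                    while ($ab = mysql_fetch_array($a)) {
                        $nid = $ab['dbid'];
                        $text = $ab['text'];
                        $mtime = $ab['date'];
                        $mtitle = $ab['title'];
                        include "gb/smile.php";
                        print "<b>$mtitle</b>[$mtime]<br/>";
                        print "$text<br/>";
                        print "<a href=\"news.php?id=$id&amp;pass=$pass&amp;mode=editnews&amp;nid=$nid&amp;p=1\">Редактировать</a><br/>";
                        print "<a href=\"news.php?id=$id&amp;pass=$pass&amp;mode=editnews&amp;nid=$nid&amp;p=2\">Удалить</a><br/>";
                        print "---<br/>";
                    }
                    if ($all > 0) {
                        $ba = ceil($all / 5);
                        $ba2 = $ba * 5 - 5;
                        echo "Страницы:";
                        $asd = $s - (5 * 3);
                        $asd2 = $s + (5 * 4);
                        if ($asd < $all && $asd > 0) {
                            // `s` is the offset parameter this script reads (was `start`).
                            print "<a href=\"news.php?id=$id&amp;pass=$pass&amp;s=0&amp;mode=editnews\">1 |</a>";
                        }
                        for ($i = $asd; $i < $asd2; $i += 5) {
                            if ($i < $all && $i >= 0) {
                                $ii = floor(1 + $i / 5);
                                if ($s == $i) {
                                    echo ' ' . $ii;
                                } else {
                                    print "<a href=\"news.php?id=$id&amp;pass=$pass&amp;s=$i&amp;mode=editnews\">$ii |</a>";
                                }
                            }
                        }
                        if ($asd2 < $all) {
                            echo " .. <a href=\"news.php?id=$id&amp;pass=$pass&amp;s=$ba2&amp;mode=editnews\">$ba |</a>";
                        }
                    }
                } else {
                    print "Новостей нет!<br/>";
                }
            } elseif ($p == 1) {
                // $nid keeps its HTML-encoded form for the form action; $sqlNid is the
                // same value escaped for use inside a quoted SQL literal.
                $nid = cyr(htmlspecialchars(stripslashes(trim($nid))));
                $sqlNid = mysql_real_escape_string($nid);
                if ($s == 1) {
                    // Same treatment as in addnews: strip magic-quotes escaping if present,
                    // then escape once for SQL.
                    $unslash = get_magic_quotes_gpc();
                    $sqlText = mysql_real_escape_string($unslash ? stripslashes($ntext) : $ntext);
                    $sqlTitle = mysql_real_escape_string($unslash ? stripslashes($ntitle) : $ntitle);
                    mysql_query("update news set text='$sqlText',title='$sqlTitle' where dbid='$sqlNid';");
                    print "Сохранено!<br/>";
                } else {
                    $a = mysql_query("select * from news where dbid='$sqlNid';");
                    $ab = mysql_fetch_array($a);
                    // Stored values go into an attribute and a <textarea>; encode them so that
                    // quotes or a closing tag inside the stored text cannot break the form.
                    $text1 = htmlspecialchars($ab['text'], ENT_QUOTES, 'ISO-8859-1');
                    $title1 = htmlspecialchars($ab['title'], ENT_QUOTES, 'ISO-8859-1');
                    // The "$(ntext)" / "$(ntitle)" placeholders are not PHP variables and are
                    // emitted literally, as before.
                    echo "<form action=\"news.php?id=$id&amp;pass=$pass&amp;mode=editnews&amp;p=1&amp;s=1&amp;nid=$nid\" method=\"post\">\n"
                        . "<postfield name=\"ntext\" value=\"$(ntext)\"/>\n"
                        . "<postfield name=\"ntitle\" value=\"$(ntitle)\"/>";

                    print "Заголовок: <br/>";
                    print "<input name=\"ntitle\"  value=\"$title1\" maxlength=\"50\"/><br/>\n"
                        . "Новость:<br/>\n"
                        . "<textarea name=\"ntext\" rows=\"7\" cols=\"25\">$text1</textarea><br/>";
                    echo "<input class=\"button\" type=\"submit\" value=\"Редактировать\"/></form>";
                }
            } elseif ($p == 2) {
                $nid = cyr(htmlspecialchars(stripslashes(trim($nid))));
                $sqlNid = mysql_real_escape_string($nid);
                mysql_query("delete from news where dbid='$sqlNid';");
                print "Новость удалена<br/>";
            }
        }
        break;
}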
// Page footer: links back to the news list and to the game menu, then the
// closing tags of the document opened by the header include. Both links carry
// the id/pass pair as query parameters, like every other link in this script.
echo "<br/>---<br/>&gt;<a href=\"news.php?id=$id&amp;pass=$pass\">Новости</a>",
    "<br/>&gt;&gt;<a href=\"game.php?id=$id&amp;pass=$pass\">Меню</a>",
    "<br/>---",
    "</body></html>";
?>